March 19, 2013

EA’s Origin Gaming Platform Flawed, Players Suffer Malware Attacks

While players of such games as Medal of Honor and Battlefield 3 may take risks in the virtual warzone, they probably didn't know they might be putting their computers at risk as well. The more than 40 million people who access those titles, as well as dozens of other games through EA's Origin online game platform, could be allowing attackers to remotely execute malicious code on their computers, it was reported on Tuesday.

The attack was demonstrated last Friday at the Black Hat Europe 2013 security conference in Amsterdam, where security experts showed it could take just seconds to execute. What makes this particular threat so serious is that it requires virtually no interaction by victims, according to researchers from Malta-based ReVuln, which released a white paper on the subject.

“The Origin platform is a very attractive attack vector, potentially affecting more than 40 million users. In fact, an attacker can remotely compromise millions of systems in a very silent and undetected way, by exploiting any possible local issue or feature exposed by any of the games available on Origin,” ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in the white paper.

They further added that, “As the root cause is a design problem of the platform itself, the best protection for Origin users (at the moment) is to disable the origin:// URI handler, as described in the section, ‘Possible Fix and Workaround.’”

However, at present there is no actual evidence the loophole has been used in any way by malicious hackers.

The irony is that Origin was meant to combat another common computer issue — namely video game piracy. As with Valve Software's Steam, Origin was designed to act as a distribution system where customers could buy, download and manage video games. Because even games played offline would require an online connection to authenticate the game being played, it successfully tackled the piracy issue.

As for the malware problem, Ferrante and Auriemma found that Origin uses a web-like syntax to keep track of where games are located on a computer, so that they can be started when gamers launch a game. The researchers found it is possible to subvert this syntax so that it is redirected to malicious code instead of a game.

The researchers claimed this could include a link to an Internet site that could remotely execute malicious code on a victim's system. The researchers looked to a common title to attempt to create such a scenario.

“In order to demonstrate the insecurity of the Origin platform, we picked the most recent and well known game available on this platform: Crysis 3, which was released on 19 February 2013. We found several ways to trigger remote code execution against remote victim systems by abusing the Origin platform itself,” the paper added.

A similar exploit was demonstrated by the same researchers last October using Valve's Steam.

For its part, EA has responded that it is looking to address these security concerns.

“Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure,” an EA spokesman wrote in an e-mail to Ars Technica on Monday evening.

In addition to serving as the gateway and authentication service for those aforementioned shooters, Electronic Arts' Origin service is also required to play the recently released SimCity, which has seen its own share of nightmares. Just after the game was released earlier this month, users were bombarded with server crashes, making it nearly impossible to stay connected long enough to build a city.

EA announced they were on top of the issue and vowed to fix the problem as soon as possible. Shortly thereafter, EA announced they would be offering players who activated their games online a free game as their way of saying they were sorry for the debacle.